package backtype.storm.security.auth.digest;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;

import backtype.storm.security.auth.AuthUtils;

/**
 * SASL server side collback handler
 */
public class ServerCallbackHandler implements CallbackHandler {
	private static final String USER_PREFIX = "user_";
	private static final Logger LOG = LoggerFactory
			.getLogger(ServerCallbackHandler.class);
	private static final String SYSPROP_SUPER_PASSWORD = "storm.SASLAuthenticationProvider.superPassword";

	private String userName;
	private final Map<String, String> credentials = new HashMap<String, String>();

	public ServerCallbackHandler(Configuration configuration)
			throws IOException {
		if (configuration == null)
			return;

		AppConfigurationEntry configurationEntries[] = configuration
				.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_SERVER);
		if (configurationEntries == null) {
			String errorMessage = "Could not find a '"
					+ AuthUtils.LOGIN_CONTEXT_SERVER
					+ "' entry in this configuration: Server cannot start.";
			throw new IOException(errorMessage);
		}
		credentials.clear();
		for (AppConfigurationEntry entry : configurationEntries) {
			Map<String, ?> options = entry.getOptions();
			// Populate DIGEST-MD5 user -> password map with JAAS configuration
			// entries from the "Server" section.
			// Usernames are distinguished from other options by prefixing the
			// username with a "user_" prefix.
			for (Map.Entry<String, ?> pair : options.entrySet()) {
				String key = pair.getKey();
				if (key.startsWith(USER_PREFIX)) {
					String userName = key.substring(USER_PREFIX.length());
					credentials.put(userName, (String) pair.getValue());
				}
			}
		}
	}

	public void handle(Callback[] callbacks)
			throws UnsupportedCallbackException {
		for (Callback callback : callbacks) {
			if (callback instanceof NameCallback) {
				handleNameCallback((NameCallback) callback);
			} else if (callback instanceof PasswordCallback) {
				handlePasswordCallback((PasswordCallback) callback);
			} else if (callback instanceof RealmCallback) {
				handleRealmCallback((RealmCallback) callback);
			} else if (callback instanceof AuthorizeCallback) {
				handleAuthorizeCallback((AuthorizeCallback) callback);
			}
		}
	}

	private void handleNameCallback(NameCallback nc) {
		LOG.debug("handleNameCallback");
		userName = nc.getDefaultName();
		nc.setName(nc.getDefaultName());
	}

	private void handlePasswordCallback(PasswordCallback pc) {
		LOG.debug("handlePasswordCallback");
		if ("super".equals(this.userName)
				&& System.getProperty(SYSPROP_SUPER_PASSWORD) != null) {
			// superuser: use Java system property for password, if available.
			pc.setPassword(System.getProperty(SYSPROP_SUPER_PASSWORD)
					.toCharArray());
		} else if (credentials.containsKey(userName)) {
			pc.setPassword(credentials.get(userName).toCharArray());
		} else {
			LOG.warn("No password found for user: " + userName);
		}
	}

	private void handleRealmCallback(RealmCallback rc) {
		LOG.debug("handleRealmCallback: " + rc.getDefaultText());
		rc.setText(rc.getDefaultText());
	}

	private void handleAuthorizeCallback(AuthorizeCallback ac) {
		String authenticationID = ac.getAuthenticationID();
		LOG.debug("Successfully authenticated client: authenticationID="
				+ authenticationID);
		ac.setAuthorizedID(authenticationID);
		ac.setAuthorized(true);
	}
}
